Manual Reference Pages  -  FILEMON (4)

NAME

filemon - the filemon device

CONTENTS

Synopsis
Description
Ioctls
Return Values
Files
Examples
See Also
History
Bugs

SYNOPSIS


#include <dev/filemon/filemon.h>

DESCRIPTION

The filemon device allows a process to collect file operations data of its children. The device /dev/filemon responds to two ioctl(2) calls.

filemon is not intended to be a security auditing tool. Many syscalls are not tracked, and binaries of a foreign ABI will not be fully audited. It is intended for auditing processes in order to determine their dependencies in an efficient and easily parsable format. An example of this is make(1), which uses this module with .MAKE.MODE=meta to handle incremental builds more smartly.

System calls are denoted using the following single letters:

C chdir(2)
D unlink(2)
E exec(2)
F fork(2), vfork(2)
L link(2), linkat(2), symlink(2), symlinkat(2)
M rename(2)
R open(2) for read
S stat(2)
W open(2) for write
X _exit(2)

Note that 'R' following 'W' records can represent a single open(2) for R/W, or two separate open(2) calls, one for 'R' and one for 'W'. Note that only successful system calls are captured.

IOCTLS

User mode programs communicate with the filemon driver through a number of ioctls which are described below. Each takes a single argument.
FILEMON_SET_FD
  Write the internal tracing buffer to the supplied open file descriptor.
FILEMON_SET_PID
  Child process ID to trace.

RETURN VALUES

The ioctl function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

FILES

/dev/filemon
 

EXAMPLES

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <dev/filemon/filemon.h>
#include <fcntl.h>
#include <err.h>
#include <unistd.h>

static void
open_filemon(void)
{
        pid_t child;
        int fm_fd, fm_log;

        if ((fm_fd = open("/dev/filemon", O_RDWR | O_CLOEXEC)) == -1)
                err(1, "open(\"/dev/filemon\", O_RDWR)");
        if ((fm_log = open("filemon.out",
            O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, DEFFILEMODE)) == -1)
                err(1, "open(filemon.out)");

        if (ioctl(fm_fd, FILEMON_SET_FD, &fm_log) == -1)
                err(1, "Cannot set filemon log file descriptor");

        if ((child = fork()) == 0) {
                child = getpid();
                if (ioctl(fm_fd, FILEMON_SET_PID, &child) == -1)
                        err(1, "Cannot set filemon PID");
                /* Do something here. */
        } else {
                wait(&child);
                close(fm_fd);
        }
}

Creates a file named filemon.out and configures the filemon device to write the filemon buffer contents to it.
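
The following is an added example, not part of the original manual page: a small parser that uses the single-letter records described above to classify a path as an input (dependency) or an output of the traced processes. The sample log is constructed, and the record layout "<letter> <pid> <argument>", the '#' comment lines, and the names fm_next and fm_classify are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

enum fm_use { FM_MALFORMED = -1, FM_UNSEEN, FM_INPUT, FM_OUTPUT };

/* Constructed sample; assumed layout "<letter> <pid> <argument>", '#' = comment. */
static const char sample_log[] =
    "# constructed filemon-style log\n"
    "F 100 101\n"
    "R 101 main.c\n"
    "W 101 main.o\n"
    "R 101 main.o\n"
    "X 101 0\n";

/* Fetch the next record: 1 = parsed, 0 = end of log, -1 = malformed.
 * A record needs at least a letter and a pid; arg is "" when absent. */
static int fm_next(const char **log, char *op, int *pid, char *arg)
{
    char line[512];

    for (;;) {
        size_t len = strcspn(*log, "\n");
        if (len == 0 && **log == '\0')
            return 0;
        if (len >= sizeof(line))
            return -1;              /* refuse to truncate long paths */
        memcpy(line, *log, len);
        line[len] = '\0';
        *log += len + ((*log)[len] == '\n');
        if (line[0] == '#' || line[0] == '\0')
            continue;
        arg[0] = '\0';
        return sscanf(line, "%c %d %511[^\n]", op, pid, arg) >= 2 ? 1 : -1;
    }
}

/* Example rule: any 'W' record makes the path an output, even when 'R'
 * records follow; a path with only 'R' records is an input (dependency). */
static enum fm_use fm_classify(const char *log, const char *path)
{
    enum fm_use use = FM_UNSEEN;
    char op, arg[512];
    int pid, rc;

    while ((rc = fm_next(&log, &op, &pid, arg)) == 1) {
        if (strcmp(arg, path) != 0 || (op != 'R' && op != 'W'))
            continue;
        if (op == 'W' || use == FM_UNSEEN)
            use = (op == 'W') ? FM_OUTPUT : FM_INPUT;
    }
    return rc < 0 ? FM_MALFORMED : use;
}
```

Because only successful system calls are captured and untracked syscalls leave no record, FM_UNSEEN means "no record in this log", not proof that the path was never touched.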

SEE ALSO

dtrace(1), ktrace(1), truss(1), ioctl(2)

HISTORY

A filemon device appeared in FreeBSD 9.1.

BUGS

Loading filemon may reduce system performance for the noted syscalls.

Only children of the set process are logged. Processes can escape being traced by double forking. This is not seen as a problem because the intended use is build monitoring, where daemons do not make sense.
